August 9th, 2017

With the start of Black Hat USA 2017, the annual conference turned 20, and more than fifteen thousand executives, security professionals and experts from all around the world arrived in Las Vegas to share experiences and ideas on one of the most formidable security issues facing the world today: cyber security.

Black Hat USA 2017 Conference in Las Vegas

It was a time for extreme vigilance

For anyone staying in Las Vegas, it paid to be vigilant when accessing public Wi-Fi, surfing the internet, accessing financial information or making payments. You never knew when one of the many black hat hackers was watching your every click. Several Las Vegas clubs found themselves on the receiving end of hacker mischief, with websites and restaurant digital menus defaced and hotel TVs stuck on boot.

There was a call for more people-centric cyber security, more empathy and less complexity in the security industry

A keynote message was delivered by Alex Stamos, Head of Security for Facebook, who called for a more people-centric cyber security industry. He emphasized that cyber security needs to be human-friendly, and encouraged security professionals to have more empathy for the people who use the technology and also those who fall victim to it.

For cyber security solutions to be effective they can no longer be complex.

It is apparent that we must stop approaching cyber security like it’s 1999—for cyber security solutions to be effective they can no longer be complex or take months to install. Cyber threats are evolving extremely fast and adapting almost daily. This means that cyber security solutions must be dynamic, quick to install, and capable of stopping threats immediately, and from day one.

When it comes to responsibility, there is a need for better balance between employees and security technology

The common theme in the Business Expo hall at Black Hat centered on what is considered to be the highest risk to enterprise security today: the human factor. In most cyber security incidents people are, often unknowingly, the cause of the problem. But is it fair to lay so much of the blame on the employee?

We can reduce the risk of human error and technology failure simultaneously.

While technology was created to help employees do their jobs, sometimes it’s the failure of technology that enables a cyber attack. This makes the employee as much the victim as the cause of the breach. By designing cyber security products that are easy to use—and therefore more likely to be used correctly—we reduce the risk of human error and technology failure simultaneously.

Which security technologies do hackers consider ineffective or obsolete?

Black Hat is undoubtedly the biggest cyber security event of the year, so the Thycotic team took the opportunity to pick the brains of nearly 300 hackers. We surveyed the hackers on a selection of important issues to determine exactly which technologies fail to stop them in their tracks, and which technologies are most effective at preventing them from moving further into their target’s network (causing untold damage).

What are the threats we should really be concerned about?

We discovered that many popular, even top-rated, security solutions have little to no effect at stopping hackers, and others are deemed no longer relevant, or easy to get past. We have known for many years that traditional endpoint protection solutions like antivirus are no longer keeping up with the task of protecting organizations from cyber attacks. In fact, Symantec’s senior vice president, Brian Dye, declared that antivirus was dead back in May 2014. And it now appears that firewalls are joining antivirus as being ineffective in providing protection against today’s threats. The threats have evolved beyond viruses and malware, and the boundaries have moved.

So where have those boundaries moved to, and what are the threats we should really be concerned about? Get the answers to these questions and many more in our free Black Hat 2017 Survey Report:

Joseph Carson

A Cyber Security Professional with 20+ years’ experience in Enterprise Security & Infrastructure, Joseph is a Certified Information Systems Security Professional (CISSP). An active member of the cyber security community and a frequent speaker at cyber security events globally, Joseph is also an adviser to several cyber security conferences.